[Samba] GPO issues - getting SYSVOL cleaned up again
L.P.H. van Belle
belle at bazuin.nl
Wed Jul 31 12:48:09 UTC 2019
?? And we did compair this months ago..
You did say, everything is in sync now.
Ahhh... ;-)
If you really want to know if you DC's are setup the same.
Tip.. Copy /etc of both server into a new folder.
And runn diff -r /etc-dc1/ /etc-dc2/ > check-me.txt
And check-me.txt
I just did that on my brand new Buster proxy servers, 2 with keepalived.
I'm almost done with this, you should only see hostname IP's as differences...
Virtual ips, firewalling, added winbind, nfs, strongswan, kerberos SSO auths.
Squid with 4 setups.. Pfew.. But guys, when done im posting this howto also.
With squid 4.8 on buster, ( hint : repo buster-squid48 ssl enabled )
What a dragon this was, strongswan is last what im on now.
If someone has a strongswan setup with user/ldap auth, pm me your config ;-)
Ok, what you posted below.
pre01svdeb03 : apt-get remove --purge --auroremove resolvconf
Old dc: pre01svdeb02 : apt-get remove --purge --auroremove resolvconf
Make these changes/verify them after the remove of resolvconf
pre01svdeb03
/etc/resolv.conf
search pilsbacher.at
nameserver 192.168.16.206
nameserver 192.168.16.205
pre01svdeb02
/etc/resolv.conf
search pilsbacher.at
nameserver 192.168.16.206
nameserver 192.168.16.205
^^ yes note that "NOT switching" the DC's.
If want here the other DC first untill its all ok local on this server.
Reboot pre01svdeb02
Backup your logs on this server and clear them.
Yes, reboot! That clear cachings also, just to be sure.
After boot, login, wait ... Wait ...
klist -ke /var/lib/samba/private/secrets.keytab
Verify the hostname
Verify /var/lib/samba/private/dns_update_cache
Does it show the correct hostname.
Is it correct now ?
Yes => run samba-tool dbcheck --cross-nc
No errors? ( ignore tombstone objects )
samba_dnsupdate --verbose
And if ok, now switch's DC's again in /etc/resolv.conf
search pilsbacher.at
nameserver 192.168.16.205
nameserver 192.168.16.206
And reboot once more, check logs again.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Stefan G. Weichinger [mailto:lists at xunil.at]
> Verzonden: woensdag 31 juli 2019 14:24
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] GPO issues - getting SYSVOL cleaned up again
>
> Am 31.07.19 um 14:17 schrieb L.P.H. van Belle:
> > Can you post me the output also on of DC2 of that
> samba_dnsupdate --verbose
>
> observation:
>
> resolv.conf differs:
>
>
>
> root at pre01svdeb03:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
> OVERWRITTEN
> nameserver 192.168.16.206
> nameserver 192.168.16.205
> search pilsbacher.at
>
> root at pre01svdeb02:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
> OVERWRITTEN
> nameserver 192.168.16.205
> search pilsbacher.at
>
> so DC2=deb03 asks both DNS
>
> DC1=deb02 only itself
>
>
More information about the samba
mailing list